beautypg.com

Defining profile security settings – Brocade Mobility Access Point System Reference Guide (Supporting software release 5.5.0.0 and later) User Manual

Page 183

background image

Brocade Mobility Access Point System Reference Guide

173

53-1003100-01

5

Refer to the following table to configure the Auto IPSec Tunnel settings:

Select OK to save the updates made to the Auto IPSec Tunnel screen. Selecting Reset reverts the
screen to its last saved configuration.

Defining Profile Security Settings

Profile Security Configuration

A profile can leverage existing firewall, wireless client role and WIPS policies and configurations
and apply them to the profile’s configuration. This affords each profile a truly unique combination
of data protection policies best meeting the data protection requirements of the access point’s
numerous deployment scenarios.

To define a profile’s security settings:

1. Select the Configuration tab from the Web UI.

2. Select Devices.

3. Select System Profile from the options on left-hand side of the UI.

4. Expand the Security menu and select Settings.

FIGURE 73

Profile Security - Settings screen

Group ID

Configure the ID string used for IKE authentication. String length can be between 1-64
characters.

Authentication Type

Set the IPSec Authentication Type. Options include PSK (Pre Shared Key) or rsa.

Authentication Key

Set the common key for authentication between the remote tunnel peer. Key length is between
8-21 characters.

IKE Version

Configure the IKE version to use. The available options are ikev1-main, ikev1-aggr and ikev2.

Enable NAT after IPSec

Select this option to enable NAT after IPSec. Enable this option if there are NATted networks
behind VPN tunnels.

Use Unique ID

In scenarios where different access points behind different NAT boxes/routers have the same IP
address, it is not possible to create a tunnel between the wireless controller and access point, as
the wireless controller fails to identify the access point uniquely. When selected, each access
point behind a same NAT box/router will have a unique ID used to create the VPN tunnel.

See also other documents in the category Brocade Computer Accessories: